nginx配置以避免"ERROR DOMException:阻止具有源xxx的帧访问跨源帧"
Fal*_*aly 10 iframe proxy nginx cross-domain
我必须www.myapp.com使用iframe 将三个不同的网站嵌入到我的应用中.我们假设这些网站的网址是:
- website1.com
- website2.com
- website3.com
iframe无法直接嵌入这些网站,因为他们的服务器将X-Frame-Options响应头设置为SAMEORIGIN,因此我使用nginx作为代理来删除这些X-Frame-Options头:
# parent application: myapp.com:
server {
listen 8080;
server_name myapp.com www.myapp.com;
location /stand {
root /srv/www;
try_files $uri $uri/ /stand/index.html;
}
}
# website1.com proxy:
server {
listen 8080;
server_name proxywebsite1.com www.proxywebsite1.com;
location / {
proxy_pass https://www.website1.com/;
proxy_set_header www.website1.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header 'x-frame-options';
}
}
# website2.com proxy:
server {
listen 8080;
server_name proxywebsite2.com www.proxywebsite2.com;
location / {
proxy_pass https://www.website2.com/;
proxy_set_header www.website2.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header 'x-frame-options';
}
}
# website3.com proxy:
server {
listen 8080;
server_name proxywebsite3.com www.proxywebsite3.com;
location / {
proxy_pass https://www.website3.com/;
proxy_set_header www.website3.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header 'x-frame-options';
}
}通过上面的配置,我现在可以将这三个站点嵌入到iframe中,即使域名不同(www.myapp.com,proxywebsite1.com,proxywebsite2.com,proxywebsite3.com).
但是现在,我想通过使用JavaScript隐藏嵌入式网站的某些元素(页脚,标题,...),并且由于域名不同而被阻止.我在浏览器的控制台中遇到以下错误:
"ERROR DOMException: Blocked a frame with origin xxx from accessing a cross-origin frame"
所以我的问题:是否有配置nginx的所以方式myapp.com和proxywebsite1.com不被视为浏览器不同的域?
| 归档时间: |
|
| 查看次数: |
602 次 |
| 最近记录: |